The iCloud hackers' bitcoin ransom looks like a fake

A group of hackers who claimed to hold millions of iCloud accounts for ransom said on Friday they'd been paid. But one bitcoin expert says that's bogus.

The Turkish Crime Family grabbed headlines last month by claiming they had the stolen login credentials for more than 700 million icloud.com, me.com and mac.com accounts. They demanded increasing ransoms from Apple, threatening to wipe the data from devices connected to the affected accounts if the company did not pay.

On Friday, the hackers tweeted that they had been paid US$480,000 in bitcoin. As proof, the group posted a link showing a transaction on Blockchain.info, a popular bitcoin wallet.

“We were told by our negotiator that we have come to a final agreement with Apple,” the hacking group tweeted prior to receiving the payment.

However, the transaction the hackers tweeted was actually an "internal treasury operation at a bitcoin exchange," according to Jonathan Levin, co-founder at Chainalysis, a provider of anti-money laundering software for bitcoin.

"We have positively identified that the inputs and outputs of that transaction are controlled by a single bitcoin exchange," Levin said in an email. The transaction was part of an internal money deposit process at a Korean bitcoin exchange, he said.

Apple didn’t respond to a request for comment. The tech giant has said that it never suffered any such breach. The stolen login credentials that the hackers obtained appeared to come from breaches at other third-party services, Apple said.

Security researchers suspect that's true, and they believe the Turkish Crime Family has exaggerated its hacking claims.

Copyright 2018 IDG Communications.